simon/nixos-config
simon/nixos-config
1
1
Fork 0
Code Issues 8 Pull requests Actions Projects Activity

fuuko: Disable DHCP and DNS server

Browse source 
This is now the main router’s job.
This commit is contained in:
Simon Bruder 2022-09-12 20:54:59 +02:00
parent eeb8f25453
commit d508543c3c
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC
4 changed files with 2 additions and 74 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
machines/fuuko/configuration.nix
View file

@ -5,7 +5,6 @@
../../modules ../../modules
../../users/simon ../../users/simon
./services/dnsmasq.nix
./services/fritzbox-exporter.nix ./services/fritzbox-exporter.nix
./services/media-backup.nix ./services/media-backup.nix
./services/media.nix ./services/media.nix

23
machines/fuuko/hardware-configuration.nix
View file

@ -11,14 +11,7 @@
blacklistedKernelModules = [ "acpi_power_meter" ]; # constantly pollutes kernel log blacklistedKernelModules = [ "acpi_power_meter" ]; # constantly pollutes kernel log
extraModulePackages = [ ]; extraModulePackages = [ ];
supportedFilesystems = [ "btrfs" ]; supportedFilesystems = [ "btrfs" ];
kernelParams = kernelParams = [ "ip=dhcp" ];
let
mainInterface = config.systemd.network.networks.eno1;
first = lib.flip lib.elemAt 0;
in
[
"ip=${first mainInterface.address}::${first mainInterface.gateway}::${config.networking.hostName}:${mainInterface.name}"
];
initrd = { initrd = {
availableKernelModules = [ availableKernelModules = [
"aesni_intel" # hardware crypto for luks "aesni_intel" # hardware crypto for luks
@ -82,19 +75,7 @@
powerManagement.cpuFreqGovernor = "performance"; powerManagement.cpuFreqGovernor = "performance";
networking.useDHCP = false; networking.useDHCP = false;
systemd.network = { networking.interfaces.eno1.useDHCP = true;
enable = true;
networks = {
eno1 = {
name = "eno1";
dns = [ "192.168.100.1" ];
domains = [ "home.sbruder.de" ];
address = [ "192.168.100.61/24" ];
gateway = [ "192.168.100.1" ];
};
};
};
services.resolved.enable = false;
systemd.network.wait-online.extraArgs = [ "-i" "eno1" ]; systemd.network.wait-online.extraArgs = [ "-i" "eno1" ];
} }

44
machines/fuuko/services/dnsmasq.nix
View file

@ -1,44 +0,0 @@
{ config, lib, pkgs, ... }:
{
services.dnsmasq = {
enable = true;
extraConfig = ''
bogus-priv # do not forward revese lookups of internal addresses
domain-needed # do not forward names without domain
local-service # only respond to queries from local network
no-hosts # do not resolve hosts from /etc/hosts
no-resolv # only use explicitly configured resolvers
cache-size=10000
server=/fritz.box/192.168.100.1
domain=home.sbruder.de
dhcp-range=192.168.100.20,192.168.100.150,12h
dhcp-option=option:router,192.168.100.1
'';
servers = [
"9.9.9.9" # dns.quad9.net
"2620:fe::fe"
"194.150.168.168" # dns.as250.net
];
};
# Make `local-service` work (requires network interface with all addresses)
systemd.services.dnsmasq = {
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
};
services.prometheus.exporters.dnsmasq = {
enable = true;
listenAddress = config.sbruder.wireguard.home.address;
leasesPath = "/var/lib/dnsmasq/dnsmasq.leases";
};
networking.firewall.allowedUDPPorts = [ 53 67 ];
networking.firewall.allowedTCPPorts = [ 53 ];
}

8
machines/renge/services/prometheus.nix
View file

@ -98,14 +98,6 @@ in
}; };
} }
) )
{
job_name = "dnsmasq";
static_configs = mkStaticTarget "fuuko.vpn.sbruder.de:${toString config.services.prometheus.exporters.dnsmasq.port}";
relabel_configs = lib.singleton {
target_label = "instance";
replacement = "fuuko.home.sbruder.de";
};
}
{ {
job_name = "hcloud"; job_name = "hcloud";
static_configs = mkStaticTarget config.services.hcloud_exporter.listenAddress; static_configs = mkStaticTarget config.services.hcloud_exporter.listenAddress;